There is unnecessary resource consumption in `SecureRandom.getInstance()`.

구태진 koo.taejin at gmail.com
Sat Apr 29 05:29:05 UTC 2023


I understood what you said.
And thank you for forwarding this mail to security-dev.
If it is decided to fix this issue, and this issue is not as much work as I
thought, and if you give me the opportunity to change the code via PR, it
will be a great honor for a lifetime as a Java developer.

Thanks :)

On Sat, Apr 29, 2023 at 2:04 AM, Sean Mullan <sean.mullan at oracle.com> wrote:

> [This should be discussed on the security alias so I am copying
> security-dev and -bcc-ing core-libs-dev]
>
> As Bernd noted, use of SHA1PRNG should ideally be replaced with a
> stronger secure random algorithm, so the impact of this issue is
> probably not that significant. That said, I think this is still worthy
> of fixing.
>
> On 4/28/23 7:40 AM, Bernd wrote:
> > There are two solutions I think.
> >
> > 1. Create a constructor for SecureRandom.
>
> #1 seems easy enough. We can add a SecureRandom(SecureRandomParameters)
> to sun.security.provider.SecureRandom. (The ctor can ignore the
> parameter and just call SecureRandom()).
>
> I can file an issue on your behalf.
>
> > 2. Compare using getConstructors instead of getConstructor.
>
> --Sean
>